While I understand where you’re coming from, I think there are some misunderstandings.
First of all, the statistic from CloudFlare that up to 94% of Tor traffic is malicious - if this statistic is even still valid 6 years later in the first place - is probably not representative of what you’d see as a search engine. Of the things they mention, like vulnerability testing, scraping, login testing, spamming, etc, only vulnerability testing and scraping are applicable to a search engine, because there are no accounts and there is nothing to be posted. Information is only retrieved. I also feel like this CloudFlare statistic might be inherently biased because I think it’s pretty likely that only the websites that were seeing these issues in the first place might use a service like CloudFlare. Other (types of) websites might see lots of Tor users not causing issues and because they don’t have issues in general, they’re not using a service like CloudFlare, which means these Tor users are not counted in this statistic.
Tor is also fairly slow, and computationally expensive (because of all the layers of cryptography involved) to use for DoS attempts. It would be both faster and cheaper for the would-be attacker to subscribe to a service that lets them make larger amounts of requests, for example.
Secondly, Mojeek is already accessible over Tor. Tor has something called exit nodes which allow Tor traffic to exit the Tor network and make requests to normal websites, which is how I’ve been using Mojeek personally.
I think a .onion domain is actually a great opportunity to introduce more features to protect users and their Tor traffic from surveillance at more levels, without any (more) harm being done to Mojeek as a service. If you’re really seeing lots of issues from Tor exit nodes (besides the larger amount that you’d expect there to be from the simple fact that larger batches of people connect to your website over single IP addresses because many people use the same Tor exit nodes) then you could set up a simple captcha system for Tor users specifically for your .onion domain, and perhaps even implement Onion Locator which would prompt Tor users to use the onion domain instead. Not to mention that the Tor software has built-in solutions aimed to prevent onion addresses from being DDoSed from within the Tor network.
I get that this would probably be a lot of work, and as a small company you probably have things that your time is better spent on. However, I truly hope you reconsider your company’s stance on Tor. Perhaps look into it a bit more, and see that as a privacy oriented service, the benefits can outweigh the cons when done correctly. It has done so for countless news sites, human rights organizations, and search engines alike with the same or similar missions and core values.